Introduction

1. The Auditor-General Act 1997 establishes the mandate for the Auditor General to undertake financial statement audits of all Australian Government entities including those of Government agencies, statutory authorities and Government business enterprises.

2. The preparation of audited financial statements in compliance with the Finance Minister’s Orders¹ is a key element of the financial management and accountability regime applicable to Australian Government entities. It is generally accepted in both the private and public sectors that a good indicator of the effectiveness of an entity’s financial management is the timely finalisation of its annual financial statements, accompanied by an unmodified audit opinion. Australian Government entities, in cooperation with the Australian National Audit Office (ANAO), devote considerable effort to achieving such an outcome.

3. Financial statement audits are an independent examination of the financial accounting and reporting of public sector entities. The results of the examination are presented in an auditor’s report, which expresses the auditor’s opinion on whether the financial statements as a whole and the information contained therein fairly present each entity’s financial position and the results of its operations and cash flows. The accounting treatments and disclosures reflected in the financial statements by the entity are assessed against relevant accounting standards and legislative reporting requirements.

4. Under section 57 of the Financial Management and Accountability Act 1997 (FMA Act), the Auditor-General is required to report each year to the relevant Minister on whether the financial statements of agencies have been prepared in accordance with the Finance Minister’s Orders (FMOs) and whether they give a true and fair view of the matters required by those Orders.

5. To assist agencies to manage their responsibilities, the ANAO periodically publishes better practice guides on a range of aspects of public administration. During 2011–12, the ANAO published three Better Practice Guides: Public Sector Audit Committees; Developing and Managing Contracts and Public Sector Environmental Management. An updated guide on Public Sector Internal Audit is due to be released early in the next financial year. Better Practice Guides are well received by agencies and contribute to agencies maintaining the maturity of their internal control systems.

6. The interim phase of the audit of agencies encompasses a review of governance arrangements related to agencies’ financial reporting responsibilities, and an examination of relevant internal controls, including information technology system controls. The ANAO’s examination of these areas is designed to assess the reliance that can be placed on agencies’ internal controls to produce complete and accurate information for financial reporting purposes.

7. The audit findings in this report have been reported to the management of each agency and to the responsible Minister(s).

Developments in financial reporting and auditing frameworks

8. The Australian Accounting Standards Board (AASB) has continued to work towards improved financial reporting by adding to or modifying Australian accounting standards. During 2011–12, the changes to standards have only had an impact on a small number of agencies.

9. Future changes to Australian Accounting Standards will be driven largely by developments in accounting standards internationally. Significant changes to accounting standards and the conceptual frameworks used to develop standards are underway, potentially changing reporting requirements in important areas such as financial instruments, revenue and leases. The AASB has also initiated a number of domestic projects. These include a project that considers harmonising reporting by Government entities with the Australian Bureau of Statistics’ Government Finance Statistics framework; such an approach has been adopted for reporting by governments but not for Government entities. The AASB is also considering applying the disclosure requirements for related party transactions and executive remuneration to not-for-profit public entities.

10. The Australian Auditing and Assurance Standards Board has commenced a range of activities that relate to the audit of financial statements including: revising its 2008 guide, Audit Committees: a Guide to Good Practice; developing a joint policy paper with the New Zealand Auditing and Assurance Standards Board regarding the harmonisation of Australian and New Zealand auditing standards; revising the 2009 AuASB Bulletin: Auditing Considerations in an Uncertain Economic Environment; and revising ASA 610 Using the Work of Internal Auditors, in line with changes to the equivalent international standard.

Summary of audit results

Internal control in agencies²

11. A central element of the ANAO’s financial statement audit methodology, and the focus of the interim phase of ANAO audits, is a sound understanding of an agency’s internal controls to inform our audit approach including the reliance we may place on agency systems to produce financial statements that are free from material misstatement. To do this, the ANAO uses the framework contained in the ASA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment. The key elements of internal control, as discussed in ASA 315, are the control environment; the risk assessment process; information systems, including the related business processes relevant to financial reporting, and communication; control activities; and monitoring of controls.

Control environment

12. The ANAO assesses whether an agency’s control environment includes measures that contribute positively to sound corporate governance in the context of the preparation of an agency’s financial statements. These measures should be designed to mitigate identified risks of material misstatement in the financial statements, and reflect the specific governance requirements of each agency.

13. The ANAO observed that agencies have in place key elements of a financial control environment designed to provide a sound basis for the effective preparation of the agency’s financial statements. Audit committees, in particular, continue to have a positive influence on the effectiveness of agencies’ control environments particularly in the areas of risk assessment, legislative compliance and financial system controls.

Risk assessment process

14. An understanding of an agency’s risk assessment processes is an essential element of the ANAO’s financial statement audits. Agencies are expected to manage the key risks specific to their environment and the interim audit phase includes a review of controls relating to risks that may have a material impact on agencies’ financial statements. Generally, the ANAO found that agencies have well-established risk assessment processes, overseen by audit committees or other committees with specific risk management responsibilities.

15. Important elements of the risk assessment process common to all agencies are business continuity and fraud control management. The audit program identified a general improvement in the level of awareness and maintenance of business continuity and disaster recovery controls in agencies. However, a number of agencies did not test their Business Continuity Plans (BCPs) as part of normal business practice. In relation to fraud control, agencies have fraud control plans prepared in accordance with the Commonwealth Fraud Control Guidelines.³ A small number of agencies needed to improve the development and timely updating of fraud control plans.

Information systems

16. Information technology facilitates the way in which Australian Government agencies operate, and supports the business processes that deliver services to the Australian community.

17. Consistent with past practice, during the 2011–12 interim audits, the ANAO assessed the design and operation of key IT controls to determine the effectiveness of these controls and their impact on reducing risks affecting integrity of financial information presented in agencies’ financial statements.

18. Overall, the ANAO’s assessment of the operation of general and application controls in major agencies had identified no significant changes from 2010–11. While improvements observed in agencies’ change management governance and system release management arrangements in 2010–11 have been maintained in 2011–12, the management of user access, particularly the logging and monitoring of user activities for privileged users, and business continuity arrangements for Human Resources Management Information Systems (HRMIS) continued to be areas requiring improvement in some agencies.

Control activities

19. The results of the 2011–12 interim audit activity indicated that, overall, control activities relating to financial and accounting processes have continued to be maintained at an effective level. The total number of significant and moderate audit findings has again decreased, continuing the trend over recent years. Control issues identified by the audits related to areas such as: human resource management processes and a range of IT general application controls, particularly the management of user access to key financial business systems, IT security governance and HRMIS business continuity management. A total of 146 Category A, B, C and L1 findings ⁴were identified in the 2011–12 interim audit phase with the majority of these findings posing a low business or financial management risk, a small reduction compared with the 158 findings identified in 2010–11.

Monitoring of controls

20. Many activities undertaken by agencies contribute to their regime of monitoring controls. These include quality assurance arrangements, internal and external reviews, control self-assessment processes, and internal audit. In particular, all agencies have in place arrangements to enable Chief Executives to provide an annual Certificate of Compliance.

21. The ANAO continues to include an assessment of compliance in relation to annual appropriations, special appropriations, special accounts and the investment of public moneys in its financial statement audits as a result of interest shown by the Joint Committee of Public Accounts and Audit in past years. The 2011–12 interim audits found a high level of compliance in these areas, with the exception of actual or potential breaches of section 83 of the Constitution which provides that expenditure by the Commonwealth must be in accordance with an appropriation made by the Parliament. This matter is discussed at paragraphs 3.37 to 3.47 of Chapter 3 of this report.

Agency audit findings

22. The results of the 2011–12 interim audits reflect a continuation of the reduction over recent years in the number of significant (Category A) and moderate (Category B) audit findings. This reflects the general stability and maturity of the control regimes in the majority of agencies and actions taken by agencies to address prior year audit findings.

23. However, as noted above, the audits do continue to identify control weaknesses in a number of areas particularly relating to human resource management processes; the management of user access to key financial systems; IT security governance; and HRMIS business continuity management.

24. Generally, agencies have been positive and timely in their response to ANAO audit findings.

25. The following is a summary of the trend in Category A, B and L1 audit findings between 2010–11 and 2011–12 reported at the completion of the interim audit phase. There was:

• one agency with a Category A audit finding in 2011–12, the same number as in 2010–11;
• one Category A audit finding in 2011–12, a decrease from three in 2010–11;
• thirty–one Category B audit findings across all agencies in both 2010–11 and 2011–12;
• an increase in the number of Category B audit findings in seven agencies; five showed a decrease; and 13 agencies had no Category B findings in either 2010–11 or 2011–12; and
• one agency with a Category L1 finding in 2011–12, the same as in 2010–11.

26. A summary of Category A, B and L1 audit findings by agency is provided in Table 5.1 in Chapter 5.

Future audit coverage

In completing the audits of agencies’ 2011–12 financial statements, the ANAO will complete its assessment of the effectiveness of internal controls and areas of audit focus in each agency. The summary results of this work will be reported by the ANAO in December 2012.

Footnotes

[1]  The Finance Minister’s Orders (FMOs) made by the Minister for Finance and Deregulation set out the requirements for the preparation of financial statements of all reporting entities covered by the Financial Management and Accountability Act 1997 and the Commonwealth Authorities and Companies Act 1997.

[2]  The term ‘agencies’ refers to the 25 major General Government Sector agencies referred to in this report. These are listed at Appendix 1 of the report.

[3] The Fraud Control Plan for the Department of Regional Australia, Regional Development and Local Government (DRARDLG) was in draft form at the time of the audit.

[4] The ANAO rates its audit findings according to a risk scale. Audit findings that pose a significant business or financial management risk to the entity are rated as ‘A’. Findings that pose a moderate business or financial management risk are rated as ‘B’. Findings that pose a low business or financial management risk are rated as ‘C’. Category L1 findings are instances of non-compliance with key legislative requirements.